From d7be1b119ea1878a746dbd15b36dc467f411bbb9 Mon Sep 17 00:00:00 2001
From: ARUNANGSHU CHATTERJEE
Date: Fri, 28 Apr 2023 21:43:05 +0000
Subject: [PATCH] CSCwe67174: Add common security response headers

---
 gateway/handler_error.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/gateway/handler_error.go b/gateway/handler_error.go
index 91453bb5ce3..9d28323c59a 100644
--- a/gateway/handler_error.go
+++ b/gateway/handler_error.go
@@ -153,6 +153,23 @@ func (e *ErrorHandler) HandleError(w http.ResponseWriter, r *http.Request, errMs
 response.Header.Add(headers.XGenerator, "Cisco Nexus Dashboard")
 }
 
+ // Cisco Change - Add common security headers
+ // Add HSTS Header
+ w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
+ response.Header.Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
+
+ // Add X-XSS Header
+ w.Header().Set(headers.XXSSProtection, "1; mode=block")
+ response.Header.Set(headers.XXSSProtection, "1; mode=block")
+
+ // Add X-Content-Type-Options Header
+ w.Header().Set(headers.XContentTypeOptions, "nosniff")
+ response.Header.Set(headers.XContentTypeOptions, "nosniff")
+
+ // Add X-Frame-Options Header
+ w.Header().Set(headers.XFrameOptions, "SAMEORIGIN")
+ response.Header.Set(headers.XFrameOptions, "SAMEORIGIN")
+
 // Close connections
 if e.Spec.GlobalConfig.CloseConnections {
 w.Header().Add(headers.Connection, "close")
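Review bot: `X-XSS-Protection: 1; mode=block`, set on both `w` and `response` in the added block, is a legacy header: current browsers have dropped the XSS auditor it controlled, and OWASP's header guidance is to send `0` or omit it and rely on a Content-Security-Policy, e.g. `w.Header().Set(headers.XXSSProtection, "0")`. The HSTS value hard-codes a one-year `max-age` with `includeSubDomains`, which commits every host under the gateway's domain to HTTPS, so it is worth making that policy configurable rather than fixed in the error handler. All four headers use `Set`, which replaces any value already placed on `w` earlier in the request, presumably including operator-configured ones. HandleError begins and ends outside this hunk, and only the error path is touched here, so whether successful responses carry the same headers cannot be confirmed from this patch.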